TrueNASTrueNAS Nightly Development Documentation
This content follows experimental nightly development software. Pre-release software is intended for testing purposes only.
Use the Product and Version selectors above to view content specific to a stable software release.

LDAP Screens

Support for LDAP Samba Schema is deprecated in TrueNAS 22.02 (Angelfish) and removed in 24.10 (Electric Eel). Migrate legacy Samba domains to Active Directory before upgrading to 24.10 or later.

LDAP Widget

The LDAP widget displays after you configure TrueNAS settings for your LDAP instance. The widget includes Status, and the Hostname and Base DN and Bind DN you configured.

LDAPwidgett

Settings opens the LDAP screen.

LDAP - Add and Edit Screens

The LDAP configuration screen has two screens, Basic Options the default view, and Advanced Options. After configuring LDAP, the edit LDAP screen includes both the basic and advanced options.

Rebuild Directory Service Cache resyncs the cache if it gets out of sync or there are fewer users than expected are available in the permissions editors.

LDAP Screen - Basic Options

The settings on the Basic Options also display on the Advanced Options screen.

Basic Option Settings

LDAPBasicOptionsSettings

SettingDescription
HostnameEnter the LDAP server hostnames/IP addresses. Separate entries with Space. You can enter multiple hostnames/IP addresses to create an LDAP failover priority list. If a host does not respond, TrueNAS tries the next host until it establishes a connection.
Base DNEnter the top level of the LDAP directory tree to use when searching for resources. Example: dc=test,dc=org.
Bind DNEnter the administrative account name for the LDAP server. Example: cn=Manager,dc=test,dc=org.
Bind PasswordEnter the password for the administrative account (in Bind DN).
EnableSelect to activate the configuration. Select to clear and disable the configuration without deleting it. You can re-enable it later without reconfiguring it. The Directory Services screen returns to the default and provides the options to configure AD or LDAP.

LDAP Screen - Advanced Options

The settings on the Advanced Options screen include the Basic Options screen.

Advanced Option Settings

LDAPAdvancedOptionsSettings

SettingDescription
Allow Anonymous BindingSelect to enable the LDAP server to disable authentication and allow read and write access to any client.
Encryption ModeSelect the options for encrypting the LDAP connection from the dropdown list.

Select OFF to not encrypt the LDAP connection.
Select ON to encrypt the LDAP connection with SSL on port 636.
Select START_TLS to encrypt the LDAP connection with STARTTLS on the default LDAP port 389.
CertificateSelect the certificate to use when performing LDAP certificate-based authentication. To configure LDAP certificate-based authentication, create a Certificate Signing Request for the LDAP provider to sign. TrueNAS does not need a certificate when using username/password or Kerberos authentication.
Validate CertificatesSelect to verify certificate authenticity.
Disable LDAP User/Group CacheSelect to disable caching LDAP users and groups in large LDAP environments. When caching is disabled, LDAP users and groups do not appear in drop-down menus but are still accepted when manually entered.
Kerberos RealmSelect an existing realm from Kerberos Realms.
Kerberos PrincipalSelect the location of the principal in the keytab created in Kerberos Keytab.
LDAP TimeoutEnter the number of seconds for the LDAP timeout. Increase this value if a Kerberos ticket timeout occurs.
DNS TimeoutEnter the number of seconds for the DNS timeout. Increase this value if DNS queries timeout.
Auxiliary Parameters(Optional - only experienced users) Specify additional options for nslcd.conf.
SchemaSelect the LDAP NSS schema from the dropdown list. Options are RFC2307 or RFC2307BIS.